package net.sf.mmm.crypto.asymmetric.cert;

import java.io.ByteArrayInputStream;
import java.math.BigInteger;
import java.security.PrivateKey;
import java.security.PublicKey;
import java.security.cert.Certificate;
import java.security.cert.CertificateFactory;
import java.security.cert.X509Certificate;
import java.util.Date;
import javax.security.auth.x500.X500Principal;
import net.sf.mmm.crypto.algorithm.AbstractSecurityAlgorithm;
import net.sf.mmm.crypto.asymmetric.key.AsymmetricKeyPair;
import org.bouncycastle.asn1.x500.X500Name;
import org.bouncycastle.asn1.x509.SubjectPublicKeyInfo;
import org.bouncycastle.cert.X509v3CertificateBuilder;
import org.bouncycastle.cert.jcajce.JcaX509CertificateConverter;
import org.bouncycastle.operator.jcajce.JcaContentSignerBuilder;

/* loaded from: input_file:net/sf/mmm/crypto/asymmetric/cert/CertificateCreatorImpl.class */
public class CertificateCreatorImpl extends AbstractSecurityAlgorithm implements CertificateCreator {
    private final CertificateConfig config;
    private CertificateFactory certificateFactory;

    public CertificateCreatorImpl(CertificateConfig certificateConfig) {
        this.config = certificateConfig;
    }

    public String getAlgorithm() {
        return this.config.getType();
    }

    protected CertificateFactory getCertificateFactory() {
        if (this.certificateFactory == null) {
            this.certificateFactory = this.config.getProvider().createCertificateFactory(this.config.getType());
        }
        return this.certificateFactory;
    }

    public Certificate createCertificate(byte[] bArr) {
        try {
            return getCertificateFactory().generateCertificate(new ByteArrayInputStream(bArr));
        } catch (Exception e) {
            throw creationFailedException(e, Certificate.class);
        }
    }

    public Certificate generateCertificate(AsymmetricKeyPair<?, ?> asymmetricKeyPair, CertificateData certificateData) {
        String type = this.config.getType();
        if (!type.equals("X509")) {
            throw new UnsupportedOperationException("Unsupported certificate type: " + type);
        }
        try {
            PublicKey publicKey = asymmetricKeyPair.getPublicKey();
            PrivateKey privateKey = asymmetricKeyPair.getPrivateKey();
            SubjectPublicKeyInfo subjectPublicKeyInfo = SubjectPublicKeyInfo.getInstance(publicKey.getEncoded());
            X500Name x500Name = new X500Name(certificateData.getSubject());
            return new JcaX509CertificateConverter().getCertificate(new X509v3CertificateBuilder(new X500Name(certificateData.getIssuer()), certificateData.getSerialNumber(), Date.from(certificateData.getNotBefore()), Date.from(certificateData.getNotAfter()), x500Name, subjectPublicKeyInfo).build(new JcaContentSignerBuilder(certificateData.getSignatureAlgorithm()).build(privateKey)));
        } catch (Exception e) {
            throw AbstractSecurityAlgorithm.creationFailedException(e, Certificate.class, type);
        }
    }

    public CertificateData getCertificateData(Certificate certificate) {
        if (!(certificate instanceof X509Certificate)) {
            throw new UnsupportedOperationException("Unsupported certificate type: " + certificate.getType());
        }
        X509Certificate x509Certificate = (X509Certificate) certificate;
        CertificateDataBean certificateDataBean = new CertificateDataBean();
        Date notAfter = x509Certificate.getNotAfter();
        if (notAfter != null) {
            certificateDataBean.setNotAfter(notAfter.toInstant());
        }
        Date notBefore = x509Certificate.getNotBefore();
        if (notBefore != null) {
            certificateDataBean.setNotBefore(notBefore.toInstant());
        }
        X500Principal issuerX500Principal = x509Certificate.getIssuerX500Principal();
        if (issuerX500Principal != null) {
            certificateDataBean.setIssuer(issuerX500Principal.getName());
        }
        X500Principal subjectX500Principal = x509Certificate.getSubjectX500Principal();
        if (subjectX500Principal != null) {
            certificateDataBean.setSubject(subjectX500Principal.getName());
        }
        BigInteger serialNumber = x509Certificate.getSerialNumber();
        if (serialNumber != null) {
            certificateDataBean.setSerialNumber(serialNumber);
        }
        String sigAlgName = x509Certificate.getSigAlgName();
        if (sigAlgName != null) {
            certificateDataBean.setSignatureAlgorithm(sigAlgName);
        }
        return certificateDataBean;
    }
}
